Navigating the Legal Cloud: How to Manage Data and Intellectual Property with Cloud Orchestration Platforms

13 October 2021 Foley Launch Blog
Authors: Louis Lehot

As the way we live and work has increasingly moved into virtual environments (I like to call it a legal metaverse), the boundaries between physical, digital, and biological worlds become blurrier by the day. Sensors lie within devices installed across every aspect of our home, office and mobile environments, connected from the edge of each of your devices to networks that are both local and cloud-based (with many in a foggy place between the two). The ensuing data traffic requires massive computing power for transfer, storage, analysis, and response. The migration to automated cloud computing power has further accelerated the deployment of containers across the public, private and hybrid cloud ecosystems for the transfer, storage, analysis, and response layers. Kubernetes and Docker have emerged as ubiquitous technologies to build, deploy and manage containerized applications using automation, and investors have noticed. Understanding the key legal issues will enable more successful client relationships for both vendors and customers, and inevitably growth and value creation.

What is a Container?

A container is an executable unit of software that packages application code with the ancillary components needed to deploy in public, private, and hybrid clouds, enabling it to run on any IT infrastructure. We call it a “container” because it stands alone, away from the host operating systems. It has revolutionized how businesses build and scale their applications.


Kubernetes, developed and designed by engineers at Google, is an open-source container orchestration platform that automates many manual processes involved in managing and scaling containerized applications. One of the significant advantages of using Kubernetes is that it gives you the platform to schedule, manage and run containers on clusters of physical or virtual machines, also known as VMs.


Docker is an open source containerization platform that helps developers build, deploy and manage containers. While it is an open source project initially created in France, it moved to the United States and was acquired by Mirantis in 2019. It is backed by a vibrant developer community that shares containers across the Internet via a Docker Hub. Docker accomplishes orchestration tasks with its tool called Docker Swarm. While distinct technologies, Kubernetes and Docker are complementary and can work together to deliver computing power.

As the virtual world explodes with data, containers are the paradigm by which they are growing, and Kubernetes and Docker are the tools by which they are built, managed, deployed, and optimized.

Dealmakers Looking to Enable the Hybrid Cloud

The space has become an attractive and robust ground for investments and dealmaking. By way of example, according to CrunchBase News, San Jose, California-based Lacework, with a cloud security platform including securing workloads in Kubernetes, closed a $525 million round led by Sutter Hill Ventures and Altimeter Capital that values the company at more than $1 billionIBM’s Red Hat acquired Mountain View, California-based StackRox, a Kubernetes-native security platform. Previously, the enterprise business of Docker was acquired by Mirantis.

Legal Relationships in a Container

For businesses that operate with data, managing the adjacent legal relationships will be essential. Is your vendor providing you with Software-as-a-Service product that will enable you to within your clusters of containers? Or is it a professional services firm moving clients to one or another cluster or orchestration platform? Or are they writing code to manage Kubernetes?  What are the standards of quality that will be met? Who owns the code? Is there a license-back to re-use that same code or derivative code for other customer engagements? Or are you the vendor?

If you are a vendor and offer the intellectual property to clients, whether in software or code, you need to own it, license it, and have the right to sub-license it. If you are a software company, this starts by making sure that every employee or consultant signs an invention assignment agreement.

Whether you are the customer or you are the vendor operating with clusters, the data in the container must be protected and handled pursuant to applicable legal norms. While we used to worry only about the European Union’s General Data Protection Regulation (GDPR), there are even more intrusive regulations with teeth coming out of California, and even China. Compliance with data protection regulations is subject to audit, and in any investment or M&A process, a deep diligence dive. Failure to protect data will cause an investor or a buyer to disconnect from your zoom.

Welcome to the Future … in a Container

Kubernetes and Docker should continue to see interest from venture capital as well as strategic investors, since containers and virtualization technologies make a company’s applications and other assets more portable to other cloud services, not locking them into one provider and allowing an enterprise to choose between hybrid and hybrid public cloud options.

New technologies that monitor and understand what the data is saying are on the horizon. The next wave of cloud-orchestration platforms is here. Making sure that legal relationships are well defined will enable your company to benefit, thereby increasing both your business and your value.

This article originally published in IP Watchdog Oct 13, 2021. Reproduced with permission.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Related Services